JP4880278B2 - Securing lightweight directory access protocol traffic - Google Patents

Securing lightweight directory access protocol traffic

Info

Publication number
JP4880278B2
Authority
JP
Japan
Prior art keywords
ldap
access protocol
lightweight directory
directory access
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
JP2005297613A
Other languages
English (en)
Japanese (ja)
Other versions
JP2006127504A5
JP2006127504A (ja)
Inventor
カッツ アリエル
モンドリ ロン
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Corp
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US10/975,292 (US20060092948A1)
Application filed by Microsoft Corp
Publication of JP2006127504A
Publication of JP2006127504A5
Application granted
Publication of JP4880278B2
Anticipated expiration
Expired - Fee Related

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102: Entity profiles
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/02: Details
    • H04L12/22: Arrangements for preventing the taking of data from a data transmission channel without authorisation
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/45: Network directories; Name-to-address mapping
    • H04L61/4505: Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4523: Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using lightweight directory access protocol [LDAP]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)
JP2005297613A 2004-10-28 2005-10-12 Securing lightweight directory access protocol traffic Expired - Fee Related JP4880278B2 (ja)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US10/975,292 2004-10-28
US10/975,292 US20060092948A1 (en) 2004-10-28 2004-10-28 Securing lightweight directory access protocol traffic
US10/997,433 US7577132B2 (en) 2004-10-28 2004-11-24 User interface for securing lightweight directory access protocol traffic
US10/997,433 2004-11-24

Publications (3)

Publication Number Publication Date
JP2006127504A JP2006127504A (ja) 2006-05-18
JP2006127504A5 JP2006127504A5 2008-11-27
JP4880278B2 JP4880278B2 (ja) 2012-02-22

Family

ID=35615608

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2005297613A Expired - Fee Related JP4880278B2 (ja) 2004-10-28 2005-10-12 Securing lightweight directory access protocol traffic

Country Status (5)

Country Link
US (1) US7577132B2
EP (1) EP1653710B1
JP (1) JP4880278B2
KR (1) KR101213806B1
AT (1) ATE519323T1

Families Citing this family (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8862866B2 (en) 2003-07-07 2014-10-14 Certicom Corp. Method and apparatus for providing an adaptable security level in an electronic communication
EP2005636B1 (en) * 2006-04-13 2015-10-21 Certicom Corp. Method and apparatus for providing an adaptable security level in an electronic communication
GB0610113D0 (en) * 2006-05-20 2006-06-28 Ibm Method and system for the storage of authentication credentials
CN100495368C (zh) * 2006-09-27 2009-06-03 广达电脑股份有限公司 Method for pairing a host with input/output peripherals
US9124602B2 (en) 2007-01-05 2015-09-01 International Business Machines Corporation Method and apparatus for creating custom access control hierarchies
JP5014847B2 (ja) 2007-03-19 2012-08-29 株式会社リコー Information processing apparatus and information processing method
KR100807354B1 (ko) * 2007-07-04 2008-02-28 주식회사 넷츠 Real-time rule group support apparatus for integrated account management
US8230455B2 (en) * 2007-07-11 2012-07-24 International Business Machines Corporation Method and system for enforcing password policy for an external bind operation in a distributed directory
US8156484B2 (en) * 2007-08-22 2012-04-10 International Business Machines Corporation LDAP server performance object creation and use thereof
US8224996B2 (en) * 2008-12-29 2012-07-17 International Business Machines Corporation Directory viewports
US8645401B2 (en) 2009-08-13 2014-02-04 Cox Communications, Inc. Technical electronic discovery action model
US8516138B2 (en) 2010-08-31 2013-08-20 International Business Machines Corporation Multiple authentication support in a shared environment
WO2012044821A2 (en) * 2010-09-30 2012-04-05 Saudi Arabian Oil Company System and method for controlling access to a plant network
WO2012106726A1 (en) 2011-02-04 2012-08-09 Nextplane Method and system for federation of proxy-based and proxy-free communications systems
US9716619B2 (en) 2011-03-31 2017-07-25 NextPlane, Inc. System and method of processing media traffic for a hub-based system federating disparate unified communications systems
US9077726B2 (en) 2011-03-31 2015-07-07 NextPlane, Inc. Hub based clearing house for interoperability of distinct unified communication systems
US9203799B2 (en) 2011-03-31 2015-12-01 NextPlane, Inc. Method and system for advanced alias domain routing
US9407663B1 (en) * 2011-09-28 2016-08-02 Emc Corporation Method and apparatus for man-in-the-middle agent-assisted client filtering
EP2748723A4 (en) * 2011-11-03 2015-07-22 Ericsson Telefon Ab L M PROCESS, DEVICE, AND CENTRAL SERVERS FOR PROVIDING SERVICES FOR AN LDAP CLIENT
US8898796B2 (en) 2012-02-14 2014-11-25 International Business Machines Corporation Managing network data
US9705840B2 (en) 2013-06-03 2017-07-11 NextPlane, Inc. Automation platform for hub-based system federating disparate unified communications systems
US9819636B2 (en) * 2013-06-10 2017-11-14 NextPlane, Inc. User directory system for a hub-based system federating disparate unified communications systems
US9443093B2 (en) * 2013-06-20 2016-09-13 Amazon Technologies, Inc. Policy enforcement delays
US9736159B2 (en) * 2013-11-11 2017-08-15 Amazon Technologies, Inc. Identity pool bridging for managed directory services
US9785669B2 (en) 2014-05-21 2017-10-10 International Business Machines Corporation Revising policy statements using hyperlinks
US10015162B2 (en) * 2015-05-11 2018-07-03 Huawei Technologies Co., Ltd. Firewall authentication of controller-generated internet control message protocol (ICMP) echo requests
US10250596B2 (en) * 2016-06-29 2019-04-02 International Business Machines Corporation Monitoring encrypted communication sessions
US12058015B2 (en) * 2016-10-21 2024-08-06 Forward Networks, Inc. Systems and methods for an interactive network analysis platform
US11310192B1 (en) * 2019-12-20 2022-04-19 Stealthbits Technologies Llc Systems and methods for second protocol communication over LDAP
US12309152B2 (en) * 2023-08-15 2025-05-20 Citibank, N.A. Access control for requests to services

Family Cites Families (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7418731B2 (en) 1997-11-06 2008-08-26 Finjan Software, Ltd. Method and system for caching at secure gateways
US6154776A (en) * 1998-03-20 2000-11-28 Sun Microsystems, Inc. Quality of service allocation on a network
US6263362B1 (en) * 1998-09-01 2001-07-17 Bigfix, Inc. Inspector for computed relevance messaging
US6680942B2 (en) * 1999-07-02 2004-01-20 Cisco Technology, Inc. Directory services caching for network peer to peer service locator
US6567857B1 (en) 1999-07-29 2003-05-20 Sun Microsystems, Inc. Method and apparatus for dynamic proxy insertion in network traffic flow
US6622170B1 (en) * 1999-09-10 2003-09-16 International Business Machines Corporation System and method for DEN/LDAP client database access with a backoff capability
US6950819B1 (en) * 1999-11-22 2005-09-27 Netscape Communication Corporation Simplified LDAP access control language system
EP1113648A3 (en) 1999-12-30 2003-07-09 Nortel Networks Corporation Generic registration of plug-ins for a directory server
US6665674B1 (en) 2000-02-02 2003-12-16 Nortel Networks Limited Framework for open directory operation extensibility
US6609121B1 (en) 2000-07-17 2003-08-19 International Business Machines Corporation Lightweight directory access protocol interface to directory assistance systems
US6799197B1 (en) * 2000-08-29 2004-09-28 Networks Associates Technology, Inc. Secure method and system for using a public network or email to administer to software on a plurality of client computers
US7002973B2 (en) * 2000-12-11 2006-02-21 Acme Packet Inc. System and method for assisting in controlling real-time transport protocol flow through multiple networks via use of a cluster of session routers
JP2002207694A (ja) * 2001-01-05 2002-07-26 Nec Corp Information transfer tracking device, personal information management system, method therefor, and recording medium storing a program
US20020124057A1 (en) 2001-03-05 2002-09-05 Diego Besprosvan Unified communications system
US6732105B1 (en) 2001-07-27 2004-05-04 Palmone, Inc. Secure authentication proxy architecture for a web-based wireless intranet application
EP1415232B1 (en) 2001-08-08 2015-01-14 Flash Networks Ltd. System and method for accelerating communication of tcp/ip based content
US7035846B2 (en) 2002-09-23 2006-04-25 International Business Machines Corporation Methods, computer programs and apparatus for caching directory queries
US20040167859A1 (en) 2003-02-14 2004-08-26 Richard Mirabella Software license management system configurable for post-use payment business models
US20040215775A1 (en) 2003-04-24 2004-10-28 Bookfactory, Llc, A California Limited Liability Corporation System, method and computer program product for network resource processing
US8880893B2 (en) 2003-09-26 2014-11-04 Ibm International Group B.V. Enterprise information asset protection through insider attack specification, monitoring and mitigation
US20050091343A1 (en) 2003-10-22 2005-04-28 Bookfactory, Llc System, method and computer program product for network resource processing
US7620630B2 (en) 2003-11-12 2009-11-17 Oliver Lloyd Pty Ltd Directory system

Also Published As

Publication number Publication date
EP1653710B1 (en) 2011-08-03
ATE519323T1 (de) 2011-08-15
US20060168255A1 (en) 2006-07-27
KR101213806B1 (ko) 2012-12-18
EP1653710A1 (en) 2006-05-03
KR20060049122A (ko) 2006-05-18
JP2006127504A (ja) 2006-05-18
US7577132B2 (en) 2009-08-18

Similar Documents

Publication Publication Date Title
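JP4880278B2 (ja) Securing lightweight directory access protocol traffic
CN101729597B (zh) Isolated anonymous access to dynamic content on a web server using cached logons
CN101669128B (zh) Cascading authentication system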
US8661505B2 (en) Policy evaluation in controlled environment
Lockhart Network Security Hacks: Tips & Tools for Protecting Your Privacy
US9886590B2 (en) Techniques for enforcing application environment based security policies using role based access control
US20120131646A1 (en) Role-based access control limited by application and hostname
US20060015727A1 (en) Method and apparatus for identifying purpose and behavior of run time security objects using an extensible token framework
US9384359B2 (en) Information firewall
WO2007016436A2 (en) Segmented network identity management
US7526799B2 (en) Method for tracking security attributes along invocation chain using secure propagation token
US20040267749A1 (en) Resource name interface for managing policy resources
US20040073668A1 (en) Policy delegation for access control
KR20090019443A (ko) User authentication system using IP address and method thereof
KR20050062368A (ko) Object model for managing firewall services
US20100031317A1 (en) Secure access
US20030088648A1 (en) Supporting access control checks in a directory server using a chaining backend method
Cherry Securing SQL Server: protecting your database from attackers
US20060092948A1 (en) Securing lightweight directory access protocol traffic
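CN118118238A (zh) Method and apparatus for verifying access permissions
CN119522555A (zh) Security of computer systems
CN118056380A (zh) Restricting lateral traversal within a computer network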
Bindiganavale et al. Role based access control in enterprise application-security administration and user management
Del Vecchio et al. Evaluating Grid portal security
EP3674933B1 (en) System and method of changing the password of an account record under a threat of unlawful access to user data

Legal Events

Date Code Title Description
A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20081014

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20081014

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20110722

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20111020

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20111118

A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20111201

R150 Certificate of patent or registration of utility model

Free format text: JAPANESE INTERMEDIATE CODE: R150

Ref document number: 4880278

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20141209

Year of fee payment: 3

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

S111 Request for change of ownership or part of ownership

Free format text: JAPANESE INTERMEDIATE CODE: R313113

R350 Written notification of registration of transfer

Free format text: JAPANESE INTERMEDIATE CODE: R350

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

LAPS Cancellation because of no payment of annual fees